
Re: telnetd vulnerability from BUGTRAQ



On 28 Sep 2004, Dariush Pietrzak wrote:
>>
>> I don't know what you imagine is "encrypted" in FTP, though, since that
>> is not part of the specification or the standard implementations.
>
> oh, not part of THIS: http://www.ietf.org/rfc/rfc2246.txt specification?
> that is like, what, 5 years old?

Why, no.  That specification being for TLS, it has very little to do
with the specification for the FTP protocol.  It does mention it, once,
as an application level protocol that could benefit from the
introduction of TLS, though.

> Well, what about this:
> http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
> and this:
> http://www.faqs.org/ftp/internet-drafts/draft-murray-auth-ftp-ssl-13.txt

...now, /that/ is closer to evidence in favour of your statements.

It is, however, a draft document, even if it is close to becoming a
standard.  That isn't a strong basis for any claim that the standard
does include encryption, or that encryption is a standard part of FTP.


That said, I was partially wrong - there is broader support for TLS in
FTP than I was aware of, reviewing the set of implementations listed
with that draft.

Regards,
        Daniel
-- 
It is preoccupation with possessions, more than anything else,
that prevents us from living freely and nobly.
        -- Bertrand Russell


